GDG Morgantown, WV: Write code you can depend on!
THE HIDDEN COST OF DEPENDENCIES AND AVOIDING THE LEFT-PAD PROBLEM
Who are you?

About Me
- Logan Spears
- Software Consultant since 2011
- Director of Development, ShaleApps, 2015
- Worked on
  - iOS
  - Android
  - Server (mostly Go)
  - Some web
- github.com/loganjspears
What is the left-pad problem?

The left-pad Problem
- The npm package left-pad was unpublished.
- left-pad was a dependency of React, Babel, and other major packages.
- left-pad and its dependents were unavailable for 2.5 hours during the outage.

npm Strikes Back
- npm restored left-pad and the other affected packages.
- They severely restricted un-publishing packages.
- The day is saved! Total down time was only 2.5 hours. Glad it won’t happen again!
Can we review dependencies for a sec?

Dependency Pros and Cons
Pros
- You get to stand on the shoulders of programming giants
- Developer productivity is increased
- DRY principles are upheld
Cons
- Cognitive load is increased
- Abandoned projects are common
- Reproducible builds can be more difficult
- The surface area for bugs and security vulnerabilities is larger
Is there a larger problem here?

The Larger Problem
- Dependency graphs are extensive
- The express dependency graph includes:
  - 41 nodes
  - 31 maintainers
  - “ee-first”, which contains two functions
  - “range-parser”, which contains one function
- Not all dependency versions are pinned
Review of Semantic Versioning
- MAJOR version when you make incompatible API changes,
- MINOR version when you add functionality in a backwards-compatible manner, and
- PATCH version when you make backwards-compatible bug fixes.
- Express dependencies shown to the right. The “~” indicates packages that will automatically absorb patch numbers.
Breaking the Build
- Can you trust 31 maintainers and countless contributors to push bug-free code?
- Semantic versioning is not a hard guarantee
- You can’t guarantee your dependencies will pin their dependencies’ version numbers.
Security Concerns
- rimrafall: a malicious package executing rm -rf /* /.*
- npm accounts of dependency maintainers can be compromised
- Commonly confused packages, e.g. “express” vs “expressjs”
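To make the “commonly confused packages” concern checkable before anything is installed, here is an added example (not from the talk) that reviews a package.json for dependency names confusable with well-known packages and for install-time lifecycle scripts, the hook npm runs for a package during npm install. The allowlist, the sample manifests and the name-normalisation rules are assumptions made for this example, not npm’s own logic.

```javascript
// Added example, not from the talk: a pre-install review of package.json that
// flags (1) dependency names confusable with well-known packages, such as
// "expressjs" vs "express", and (2) dependencies that declare install-time
// lifecycle scripts, which npm runs on the installing machine.
// The allowlist and sample manifests are constructed for the example.

const WELL_KNOWN = ['express', 'lodash', 'request', 'react', 'babel-core', 'left-pad'];

// Normalise a name so common decorations ("expressjs", "node-express",
// "express.js", "express_js") collapse onto the plain well-known name.
function canonical(name) {
  return name
    .toLowerCase()
    .replace(/^(node-|nodejs-|npm-)/, '')
    .replace(/([-_.]?js)$/, '')
    .replace(/[-_.]/g, '');
}

// Edit distance with adjacent transpositions (optimal string alignment),
// so "lodahs" is one edit away from "lodash". No dependency needed.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns the well-known name a dependency is confusable with, or null.
// An exact match is fine; a match after normalisation or within one edit is not.
function confusableWith(name, wellKnown = WELL_KNOWN) {
  if (wellKnown.includes(name)) return null;
  const c = canonical(name);
  for (const known of wellKnown) {
    const k = canonical(known);
    if (c === k) return known;
    if (c.length >= 4 && editDistance(c, k) <= 1) return known;
  }
  return null;
}

// Lifecycle scripts that execute code at install time.
const INSTALL_SCRIPTS = ['preinstall', 'install', 'postinstall'];

// Review the dependencies of a root package.json. `manifests` maps each
// dependency name to that package's own package.json (as it would be read
// from node_modules or the registry); passing it in keeps the check offline.
function reviewDependencies(rootPkg, manifests) {
  const findings = [];
  for (const name of Object.keys(rootPkg.dependencies || {})) {
    const known = confusableWith(name);
    if (known) findings.push({ name, kind: 'confusable-name', detail: `looks like "${known}"` });
    const scripts = (manifests[name] && manifests[name].scripts) || {};
    for (const hook of INSTALL_SCRIPTS) {
      if (scripts[hook]) findings.push({ name, kind: 'install-script', detail: `${hook}: ${scripts[hook]}` });
    }
  }
  return findings;
}

// Constructed sample input: one legitimate dependency, one name squatting on
// "express" that also runs a preinstall hook, one typo of "lodash", and
// "range-parser" from the express dependency graph discussed in the talk.
const rootPkg = {
  dependencies: { express: '~4.13.0', expressjs: '1.0.0', lodahs: '4.0.0', 'range-parser': '~1.0.2' },
};
const manifests = {
  express: { scripts: { test: 'mocha' } },
  expressjs: { scripts: { preinstall: 'node setup.js' } },
  lodahs: {},
  'range-parser': {},
};
const findings = reviewDependencies(rootPkg, manifests);
```

Run it as a CI step before npm install and fail the build on any finding; the allowlist should be your organisation’s actual top dependencies, not this sample.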
I deal with it now. What’s the big deal?

npm install != npm install
- npm install can produce different results with the same package.json
- Heroku, for example, uses npm install for deployments
- Best practices advise excluding dependencies from git
- Your dev, CI, and production environments can all act differently
- Everything can break when you push to production!
- npm.org might be down!
Ok fine, I care. What should I do?

Make your builds reproducible!
- Check your dependencies into git
  - Architecture problems can arise
  - Have to remove build artifacts
- npm shrinkwrap
- Build a Docker image (shown later)
- Reduce your dependencies!
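An added example (not from the talk) that ties the semantic-versioning slide, the “npm install != npm install” slide and npm shrinkwrap together: a tiny resolver showing how a “~” range resolves to different versions against two registry snapshots, and how a shrinkwrap-style pin makes the result deterministic. The package names come from the express graph discussed above; the registry snapshots and version numbers are constructed sample data, and the “^” range is included as the other common npm range, beyond what the slide covers.

```javascript
// Added example, not from the talk: why two `npm install` runs of the same
// package.json can differ, and how a shrinkwrap-style pin fixes that.
// Registry snapshots below are constructed sample data, not real npm metadata.

// Parse "MAJOR.MINOR.PATCH" into numbers; reject anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3] };
}

// Numeric comparison, usable as an Array.prototype.sort comparator.
function compare(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  return (x.major - y.major) || (x.minor - y.minor) || (x.patch - y.patch);
}

// Does `version` satisfy `range`?
//   "1.2.3"  exact pin
//   "~1.2.3" absorbs PATCH updates only   (>=1.2.3 <1.3.0), the "~" on the slide
//   "^1.2.3" absorbs MINOR and PATCH      (>=1.2.3 <2.0.0), npm's other common range
function satisfies(version, range) {
  const v = parseVersion(version);
  if (range.startsWith('~') || range.startsWith('^')) {
    const baseStr = range.slice(1);
    const base = parseVersion(baseStr);
    if (compare(version, baseStr) < 0) return false;
    if (range[0] === '~') return v.major === base.major && v.minor === base.minor;
    return v.major === base.major;
  }
  return compare(version, range) === 0;
}

// npm picks the highest published version that satisfies the range.
function resolve(range, published) {
  const ok = published.filter((v) => satisfies(v, range)).sort(compare);
  if (ok.length === 0) throw new Error(`no published version satisfies ${range}`);
  return ok[ok.length - 1];
}

// Resolve every dependency of a package.json against a registry snapshot.
// When a shrinkwrap is given, its pinned versions win over the ranges
// (same shape as the "dependencies" map in npm-shrinkwrap.json).
function install(pkg, registry, shrinkwrap) {
  const out = {};
  for (const [name, range] of Object.entries(pkg.dependencies)) {
    const pinned = shrinkwrap && shrinkwrap.dependencies[name];
    out[name] = pinned ? pinned.version : resolve(range, registry[name]);
  }
  return out;
}

// Constructed sample: one package.json, two registry snapshots a few days apart.
const packageJson = { dependencies: { 'range-parser': '~1.0.2', 'ee-first': '1.1.1' } };
const registryMonday = {
  'range-parser': ['1.0.2', '1.0.3'],
  'ee-first': ['1.1.0', '1.1.1'],
};
const registryFriday = {
  'range-parser': ['1.0.2', '1.0.3', '1.0.4', '1.1.0'],
  'ee-first': ['1.1.0', '1.1.1'],
};

// The dev box installed on Monday, CI on Friday: same package.json, different tree.
const devInstall = install(packageJson, registryMonday);   // range-parser 1.0.3
const ciInstall = install(packageJson, registryFriday);    // range-parser 1.0.4 (1.1.0 is outside "~1.0.2")

// A shrinkwrap pin taken from the Monday tree makes Friday's install match it.
const shrinkwrap = {
  dependencies: { 'range-parser': { version: '1.0.3' }, 'ee-first': { version: '1.1.1' } },
};
const ciPinned = install(packageJson, registryFriday, shrinkwrap); // range-parser 1.0.3 again
```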
Okay, you hate npm. Are we done?

Nope. Let’s take a look at Go!

Out of the box
- Typical workflow
  - Write code
  - import “github.com/org/dep”
  - go get
  - Write more code
- Shared $GOPATH
- Go is a new awesome language. There can’t be any problems here!
go get… Problems
- $GOPATH dependency versions can conflict
- Dependencies point to the master branch, which can change
- go get can produce different results from the same source
- Can I have semantic versioning back?

How do I avoid getting shot by that gopher?
Hacks prior to Go 1.6
- gopkg.in
  - URL-based versioning
  - Ex. “gopkg.in/yaml.v1”
- GB
  - Alternative go tool
  - Separate $GOPATH for each project
- godep
  - Embed dependencies in source
  - Rewrite import paths

>= Go 1.6
- Vendor support added in Go 1.6
- Tools now copy source into the vendor directory
- godep uses /vendor
- Builds are now reproducible from just the source
- Your build can’t fail if GitHub is down!
I am cool and use Docker. Am I covered?

Docker w/ Node & npm
- Bad
  - CI and Production using source and Dockerfile instead of image
- Good
  - Saving your image and running tests on it

Docker w/ Go
- Bad
- Good

“A little copying is better than a little dependency.”
ROB PIKE
